
Record no.

UNINA9910298992803321

Title

ISSE 2014 Securing Electronic Business Processes [electronic resource] : Highlights of the Information Security Solutions Europe 2014 Conference / edited by Helmut Reimer, Norbert Pohlmann, Wolfgang Schneider

Publication/distribution/printing

Wiesbaden : Springer Fachmedien Wiesbaden : Imprint: Springer Vieweg, 2014

ISBN

3-658-06708-X

Edition

[1st ed. 2014.]

Physical description

1 online resource (278 p.)

Subject classification (Dewey)

004

005.8

Subjects

Computer security

Systems and Data Security

Language of publication

English

Format

Printed material

Bibliographic level

Monograph

General notes

Description based upon print version of record.

Bibliography note

Includes bibliographical references and an index at the end of each chapter.

Contents note

Contents
About this Book
TeleTrusT - IT Security Association Germany
EEMA
SAFECode Whitepaper: Fundamental Practices for Secure Software Development 2nd Edition
1 Secure Design Principles
1.1 Threat Modeling
1.1.1 CWE References
1.1.2 Verification
1.2 Use Least Privilege
1.2.1 CWE References
1.2.2 Verification
1.3 Implement Sandboxing
1.3.1 CWE References
1.3.2 Verification
2 Secure Coding Practices
2.1 Minimize Use of Unsafe String and Buffer Functions
2.1.1 Automatic use of safer functions
2.1.2 CWE References
2.1.3 Verification
2.2 Validate Input and Output to Mitigate Common Vulnerabilities
2.2.1 CWE References
2.2.2 Verification
2.3 Use Robust Integer Operations for Dynamic Memory Allocations and Array Offsets
2.3.1 CWE References
2.3.2 Verification
2.4 Use Anti-Cross Site Scripting (XSS) Libraries
2.4.1 CWE References
2.4.2 Verification
2.5 Use Canonical Data Formats
2.5.1 CWE References
2.5.2 Verification
2.6 Avoid String Concatenation for Dynamic SQL Statements
2.6.1 CWE References
2.6.2 Verification
2.7 Eliminate Weak Cryptography
2.7.1 CWE References
2.7.2 Verification
2.8 Use Logging and Tracing
2.8.1 CWE References
2.8.2 Verification
3 Testing Recommendations
3.1 Determine Attack Surface
3.2 Use Appropriate Testing Tools
3.3 Perform Fuzz / Robustness Testing
3.4 Perform Penetration Testing
3.4.1 CWE References
3.4.2 Verification
4 Technology Recommendations
4.1 Use a Current Compiler Toolset
4.1.1 CWE References
4.1.2 Verification
4.2 Use Static Analysis Tools
4.2.1 CWE References
4.2.2 Verification
5 Summary of Practices
6 Moving Industry Forward
About SAFECode
Security Management, CISO Inside
In-House Standardization of Security Measures: Necessity, Benefits and Real-world Obstructions
1 Understanding Standardization
1.1 In-house motivation
1.2 Definition: standards and norms
2 Necessity and benefits
2.1 Necessity: IT service provisioning
2.2 Benefits: quality and cost improvements
2.3 CISO specifics
3 What can be standardized
4 Obstacles and solutions
4.1 Business factors
4.2 Security factors
4.3 Human factors
5 Summary
References
An Effective Approach for Assessing the Risk of Acquired IT Products
1 Software Vulnerabilities and the Laws of Software Assurance
1.1 What are Software Vulnerabilities?
1.2 What is the Difference between Software Vulnerabilities and Software Errors?
1.3 How do we Address Software Vulnerabilities?
2 Risk Management
2.1 What is the Relationship between Software Vulnerabilities and Risk Management?
2.2 How do Organizations Assess the Risk of Acquired IT Products Today?

Summary/abstract

This book presents the most interesting talks given at ISSE 2014, the forum for the interdisciplinary discussion of how to adequately secure electronic business processes. The topics include:
- Trust Services, eID and Cloud Security
- BYOD and Mobile Security
- Cybersecurity, Cybercrime, Critical Infrastructures
- Security Management, CISO Inside
- Privacy, Data Protection, Human Factors
- Regulation & Policies

Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE 2014.

Content
Trust Services, eID, Cloud Security & Management; BYOD, Mobile Security & Applications; Cybersecurity, Cybercrime, Critical Infrastructures; Security Management, CISO's Experiences; Human Factors, Awareness & Privacy; Regulations and Policies

Target Groups
Chief Information Security Officers; Developers of Electronic Business Processes; IT Managers; IT Security Experts; Researchers

Editors
Norbert Pohlmann: Professor for Information Security and Director of the Institute for Internet Security at the Westphalian University of Applied Sciences Gelsenkirchen. Additionally he is president of the IT Security Association TeleTrusT.
Helmut Reimer: Senior Consultant, TeleTrusT.
Wolfgang Schneider: Senior Adviser, Fraunhofer Institute SIT.